Closed mroffice closed 1 year ago
Also had a thought that it might be to do with developer roles, here are mine:
Ok just an update so Developer Support Team suggest that Direct-to-Consumer Delivery (Restricted)
role must be applied for to access the getSubscription
/createSubscription
requests.
I think they must be wrong because it makes no sense to block all requests to the request itself just because some of the parameters than can be requested would be from restricted roles. Furthermore there is no mention of the Subscription
requests in the documentation for Direct-to-Consumer Delivery..
For example I can request a report fine, but get a 403 if I request a report that belongs to a restricted role. I would assume the notification api is the same.. so waiting for clarification..
Another update - Amazon Developer Support have suggested it is something to do with the signing of the request - "Please confirm if you are using the AWS credentials to sign the request"
- are they sending me on another wild goose chase?
Can anyone confirm if I can send requests to other APIs (e.g. Reports API) successfully - the signing mechanism is the same for Notifications API so I should be able to send requests without the 403 Unauthorized?
I am using the jlevers package on the products, reports, and feeds endpoints and have not run into a signing issue. The library should already be handling that. The catalog api is a pretty simple endpoint to test on to check if there is an issue with your credentials. If not, I would dump the variables/parameters being sent by the library to see if some values look off.
I am using the jlevers package on the products, reports, and feeds endpoints and have not run into a signing issue. The library should already be handling that. The catalog api is a pretty simple endpoint to test on to check if there is an issue with your credentials. If not, I would dump the variables/parameters being sent by the library to see if some values look off.
Thanks for the reply. Haven't tried the Catalog API but I've no problem using the Reports API and some requests to the Notification API - just the reading/writing of subscriptions seems to be the problem. If the jlevers package is handling the signing of requests exactly the same across the APIs - then I just can't figure out what the problem might be - it must be something to do with Amazon's internal permissions and roles - I'll keep at them.
i'm going to close this because it seems likely that it's an Amazon problem and not something to do with this library, but please feel free to reopen it if you find more evidence that the library is causing the issue, and/or think i can be helpful in resolving it.
Problem description:
Sorry for yet another 403 Unauthorized issue! I'm sure it's a configuration problem somewhere but I can't figure it out.
I can access
CreateDestination
,GetDestination
but nothing to do withSubscriptions
. Am I right in thinking the package automatically handles the grantless request (e.g.CreateDestination
) as that went through fine? Now trying to create a subscription for that destination is gives the 403 error.I thought it might be related to marketplace but only the
ANY_OFFER_CHANGED
notification type you can specify the marketplaces to subscribe to - so that's my example below. I also tried another couple of notification types (and only passing in thedestination_id
andpayload_version
to theCreateSubscriptionRequest
).The access policy on my SQS queue is exactly as given in the documentation
Is the user id given (
437568002678
) marketplace specific maybe??My App type is SP-API only - I don't need access to MWS as well for this do I??
Any help much appreciated.
Error:
Code
Seller Central SP API config page screenshot